
List:       bugtraq
Subject:    MyBB XSS cross-site scripting
From:       addmimistrator () gmail ! com
Date:       2005-12-31 8:25:26
Message-ID: 20051231082526.28498.qmail () securityfocus ! com

Hey
This is a security bug in the printthread.PHP script of MyBB (all versions, also fully patched) that allows XSS cross-site scripting hacking and can be exploited without limitation. Post this message in a thread and go to the print view of the thread to view execution of the exploit.

<script language=javascript>document.write("<script language=javascript>a"+"lert('Security bug allows XSS Cross-site scripting hacking found by imei')</"+"script>");</script>


This bug is the result of poor htmlspecialchars checking in the printthread view of a topic and can be exploited without any limitation against cookies.

be beauty
imei
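
The missing output encoding the message describes, sketched as an added example that is not part of the original post and is not MyBB source code. All function names are hypothetical, and the assumption that the normal thread view already encodes post text is inferred from the report singling out the print view.

```php
<?php
// Added illustration; not MyBB code. Every function name here is hypothetical.

// Single encoder shared by every view that prints post text.
function encode_post_body(string $raw): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Normal thread view (assumed to encode the message).
function render_showthread(array $post): string
{
    return '<div class="post">' . encode_post_body($post['message']) . '</div>';
}

// Print view as the report describes it: message emitted without encoding.
function render_printthread_unsafe(array $post): string
{
    return '<div class="print">' . $post['message'] . '</div>';
}

// Print view corrected to reuse the shared encoder.
function render_printthread_fixed(array $post): string
{
    return '<div class="print">' . encode_post_body($post['message']) . '</div>';
}

// Regression check: pass one constructed marker through every renderer and
// return the names of those that let markup through unencoded.
function find_unencoded_views(array $renderers): array
{
    $post = ['message' => '<script>/*constructed-marker*/</script>'];
    $leaky = [];
    foreach ($renderers as $name => $fn) {
        if (stripos($fn($post), '<script') !== false) {
            $leaky[] = $name;
        }
    }
    return $leaky;
}

$views = [
    'showthread' => 'render_showthread',
    'printthread (unsafe)' => 'render_printthread_unsafe',
    'printthread (fixed)' => 'render_printthread_fixed',
];
print_r(find_unencoded_views($views));
```

Running the same check over every alternate rendering of user content (print, archive, preview, feed) catches a view that bypasses the encoder the main view uses.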

